
Making additional IP addresses available in DHCP

Hi everyone,

I have a question. I want to know what steps I need to take to 1. Have the router hand out DHCP instead of the domain controller and 2. How to add additional available IP Addresses.

My current setup is this: I have a Windows 2003 DC which is configured as the DHCP server also. I want to instead have my router/firewall hand out DHCP. What changes are needed to do this? I know how to turn off DHCP on the DC and turn it on on the router, but what do I need to do in DHCP on the router so that clients that need to authenticate to the DC can reach it? Do I need to put the DNS entries as the DC IP address and the secondary as the IP of the router?

And how do I create an additional subnet to allow for more than the IP addresses in the original DHCP range? I see on the router where I can create additional subnets, but how do I make sure that the client computers that need to reach the DC can do so? Does something have to be configured on that end as well?


Turn off DHCP on the domain controller, turn it on for the router. That is all that is necessary to have the router be responsible for handing out IP addresses to your clients.

Your router must specify that your DC also be the one and only DNS address. Don't put anything for the secondary DNS IP in the router's DHCP configuration.

Two different subnets cannot communicate with each other in a traditional network setup, so if you had a computer with an IP that was on a different subnet it would not be able to communicate with your domain controller. In general you don't want to have more than one subnet unless there's a good reason for it.

If you are running out of IP addresses (e.g. the 254 IPs you get on your one subnet aren't enough), just change the subnet mask that your router is using so that you have more to work with. E.g. 255.255.254.0 or 255.255.0.0.

First of all, how many computers are we talking about? Do you have too many for one subnet or just not enough DHCP addresses allocated? Second, what type of router are we working with? Normally configuring a new DHCP server (and with most home routers there is a DHCP server built in) and turning off the existing one will work. You just end up with a new one offering addresses. For the short term you MAY get duplicate addresses as the new DHCP server does not know what addresses were assigned and may try to hand them out.
Eventually the machines will either be rebooted or ask for a lease extension, at which time they will be assigned a new address. Lease requests happen first at 1/2 the lease time. So if you have a lease of 24 hours, it will check if the lease is still good at 12 hours.

If you don't have that many machines and just need more addresses in your current DHCP, simply edit the DHCP address pool and make the start or end address different. Example: If your start address is 192.168.1.100 and your end is 192.168.1.120 and you need more than 20 addresses, simply edit the pool setting and make the end address 192.168.1.200.

Note: if the above helped, you will want to skip this advice below as it may confuse you.

If you do indeed have more computers than a single class C subnet can handle (255.255.255.0 subnet), you can do one of two things. 1) As stated, you can change the subnet mask for all machines on the network (this includes all static machines) to 255.255.0.0 (Class B), which opens up a huge amount of addresses. Of course the more addresses you have in a single subnet, the more collisions and traffic issues you will have. For this reason I would recommend 2) Segment machines into 2 physical networks, separated by a router (not the home DSL/Cable Modem routers). You can then use the BootP/DHCP forward option in the router to forward DHCP requests to the DHCP server. Cable/DSL routers with DHCP in them will not be able to handle this, so you will need to leave the DHCP server on the Windows server. You will need to set up 2 separate pools for the DHCP addresses. The Windows server will know which subnet to hand out because the router will tag the packets as it forwards them.
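
A pre-cutover check for the points raised in the answers above (pool inside the subnet, DC on the same subnet, DC as the only DNS server, duplicate addresses from the old server's leases), written in Python as an added example that is not part of the original thread. The function name, its parameters and all sample addresses are constructed for illustration.

```python
import ipaddress

def check_dhcp_plan(network, pool_start, pool_end, dc_ip, dns_servers,
                    static_ips=(), old_leases=()):
    """Validate a planned router DHCP scope before disabling the old server."""
    # Accepts "192.168.1.0/255.255.254.0" or "192.168.1.0/23"; host bits are masked.
    net = ipaddress.ip_network(network, strict=False)
    start = ipaddress.ip_address(pool_start)
    end = ipaddress.ip_address(pool_end)
    dc = ipaddress.ip_address(dc_ip)
    if start > end:
        raise ValueError("pool start is after pool end")

    def in_pool(ip):
        return start <= ipaddress.ip_address(ip) <= end

    problems = []
    # Pool edges must be usable hosts of the subnet, not network/broadcast.
    for edge in (start, end):
        if edge not in net or edge in (net.network_address, net.broadcast_address):
            problems.append(f"pool address {edge} is not a usable host in {net}")
    # Without routing, clients only reach the DC if it is on their subnet.
    if dc not in net:
        problems.append(f"DC {dc} is outside {net}; clients need a router to reach it")
    # Domain clients should receive the DC as their only DNS server.
    if [ipaddress.ip_address(d) for d in dns_servers] != [dc]:
        problems.append("DNS option should list only the DC")
    # Statically addressed hosts must not sit inside the dynamic pool.
    for ip in static_ips:
        if in_pool(ip):
            problems.append(f"static host {ip} is inside the DHCP pool")
    # Leases issued by the old server that the new one could hand out again.
    at_risk = sorted((ip for ip in old_leases if in_pool(ip)),
                     key=ipaddress.ip_address)
    return {
        "usable_hosts": net.num_addresses - 2,   # valid for masks up to /30
        "pool_size": int(end) - int(start) + 1,
        "problems": problems,
        "duplicate_risk": at_risk,
    }

if __name__ == "__main__":
    # Constructed sample plan: widened mask, router wrongly added as second DNS.
    report = check_dhcp_plan(
        "192.168.1.0/255.255.254.0", "192.168.1.100", "192.168.1.200",
        dc_ip="192.168.1.10", dns_servers=["192.168.1.10", "192.168.1.1"],
        static_ips=["192.168.1.10", "192.168.1.150"],
        old_leases=["192.168.1.50", "192.168.1.120"])
    for key, value in report.items():
        print(key, value)
```
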